Event ID 5719 is logged when you start a Domain Member

Article translations Article translations
Article ID: 938449 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

Consider the following scenario:
  • You have a computer that is running one of the operating systems that is mentioned in the “Applies to” section.
  • The computer is joined to a domain.
  • One of the following conditions is true:
    • The computer has a Gigabit network adapter installed.
    • You secure the network access by using Network Access Protection (NAP), network authentication, or another method.
In this scenario, the following event is logged in the System log when you start the computer:

Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 5719Date: DateTime: TimeUser: N/A Computer: ServerDescription:No Domain Controller is available for domain <domain name> due to the following: There are currently no logon servers available to service the logon request. Make sure that the computer is connected to the network and try again. If the problem persists, contact your domain administrator.

Cause

This issue may occur for any of the following reasons:
  • You are using a Gigabit network adapter and the Netlogon service starts before the network is ready.
  • Solutions that verify the health of the new network member delay the network connection and your ability to access domain controllers. If you have an automatic Direct Access channel connection enabled, this may also require more time to perform than Netlogon allows.
  • The 802.1X authentication process delays connections to the domain controllers.
  • The client experiences a delay to retrieve an IP address from the DHCP server. This delays the display of the network interface.

Resolution

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Resolution 1

To resolve this issue, install the most current driver for the Gigabit network adapter. Or, enable the PortFast option on the network switches.

Resolution 2

There is a known problem that affects DHCP client code in Windows 7. A hotfix for Windows 7 that resolves this problem is available through the following Microsoft Knowledge Base article:

2459530 Event ID 5719 and event ID 1129 may be logged when a non-Microsoft DHCP Relay Agent is used
Note This particular problem does not affect Windows 8, Windows Server 2012, or later versions of these systems.

Resolution 3

To resolve this issue, use the registry to change the related settings that affect DC connectivity. To do this, use the following methods.
Method 1
Adjust the firewall settings or IPSEC policies that are changed to allow DC connectivity. These changes are made when the client receives an IP address but requires more time to access a domain controller (for example, after a successful verification through Cisco NAC or Microsoft NPS Services).
Method 2
Configure the Netlogon registry setting to a value that is safely beyond the time that is required allow DC connectivity. Use the following settings as guidelines.

Registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters

Value Name: ExpectedDialupDelay
Data Type: REG_DWORD
Data Value is in seconds (default=0)
Data Range is between 0 and 600 seconds (10 minutes)

For more information, click the following article number to go to the article in the Microsoft Knowledge Base:

819108 Settings for minimizing periodic WAN traffic
Method 3
The IP stack tries to verify the IP address in a static IP configuration. This delays the time that the IP takes to come online. You can set the ArpRetryCount registry entry to zero (0). To do this, follow these steps:
  1. Start Registry Editor.
  2. Locate and select the following subkey:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TcpIp\Parameters\ArpRetryCount
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type ArpRetryCount.
  5. Right-click the ArpRetryCount registry entry, and then click Modify.
  6. In the Value data box, type 0, and then click OK.

    Note The Data Range is between 0 and 3 (3 is default).
  7. Exit Registry Editor.
For more information, download the "TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008" document from the following Microsoft Download Center website:

TCPIP_Reg.doc
Method 4
To resolve this issue, reduce the Netlogon negative cache period by changing the NegativeCachePeriod registry entry in the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\NegativeCachePeriod
After you make this change, the Netlogon service does not behave as if the domain controllers are offline for 45 seconds. The event 5719 is still logged. However, the event does not cause any other significant problems. This setting allows member to try domain controllers earlier if the process failed previously.

Suggestion: Try to set a low value, such as three seconds. In LAN environments, you can use a value of 0 to turn off the negative cache.

For more information about this setting, click the following article number to go to the article in the Microsoft Knowledge Base:

819108 Settings for minimizing periodic WAN traffic

Method 5
Configure the Kerberos registry setting to a value that is safely beyond the time that is required allow DC connectivity. Use the following settings as guidelines.

Note This setting applies only to Windows XP and Windows Server 2003 or earlier versions of these systems. Windows Vista and Windows Server 2008 and later versions use a default value of 0. This value turns off User Datagram Protocol (UDP) functionality for the Kerberos client.

Registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Value name: MaxPacketSize
Data Type: REG_DWORD
Value Data: 1
Default: (depends on the system version)

For more information, click the following article number to go to the article in the Microsoft Knowledge Base:

244474 How to force Kerberos to use TCP instead of UDP in Windows
Method 6
Disable media sense for TCP/IP. To do this, add the following value to the Tcpip registry subkey:

Registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

Value Name: DisableDHCPMediaSense
Data Type: REG_DWORD
Value Data: 1
Value Range: Boolean (0=False, 1=True)
Default: 0 (False)

For more information, click the following article number to go to the article in the Microsoft Knowledge Base:

239924 How to disable the Media Sensing feature for TCP/IP in Windows

More information

If you can correctly log on to the domain, you can safely ignore event ID 5719. Because the Netlogon service may start before the network is ready, the computer may be unable to locate the logon domain controller. Therefore, event ID 5719 is logged. However, after the network is ready, the computer will try again to locate the logon domain controller. In this situation, the operation should be successful.

In a Netogon.log, entries that resemble the following may be logged:

08/24 07:47:03 [CRITICAL] <domain>: NlDiscoverDc: Cannot find DC.08/24 07:47:03 [CRITICAL] <domain>: NlSessionSetup: Session setup: cannot pick trusted DC08/24 07:47:03 [MISC] Eventlog: 5719 (1) "<domain>" 0xc000005e ...08/24 07:47:03 [SESSION] WPNG: NlSetStatusClientSession: Set connection status to c000005e...08/24 07:47:19 [SESSION] \Device\NetBT_Tcpip_{4A47AF53-40D3-4F92-ACDF-9B5E82A50E32}: Transport Added (10.0.64.232)-> Getting a proper IP address takes >15 seconds.
Similar errors might be reported by the Group Policy Engine. For example, the Group Policy may not be applied at system startup. In this case, startup scripts do not run. The Group Policy failures may be related to the failure of Netlogon to locate a domain controller. You can set Group Policy to be more responsive to late network connectivity arrival.

For more information, click the following article number to go to the article in the Microsoft Knowledge Base:

2421599 Windows 7 Clients intermittently fail to apply group policy at startup

Properties

Article ID: 938449 - Last Review: January 8, 2014 - Revision: 9.0
Applies to
  • Windows 8.1
  • Windows 8 Pro
  • Windows 8
  • Windows 8.1 Pro
  • Windows Server 2012 R2 Datacenter
  • Windows Server 2012 R2 Standard
  • Windows Server 2012 R2 Essentials
  • Windows Server 2012 Datacenter
  • Windows Server 2012 Standard
  • Windows Server 2012 Essentials
  • Windows 7 Enterprise
  • Windows 7 Ultimate
  • Windows 7 Professional
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Vista Enterprise
  • Windows Vista Ultimate
  • Windows Vista Business
  • Microsoft Windows XP Professional
  • Microsoft Windows Server 2003 Service Pack 2
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server
Keywords: 
kbexpertiseinter kbtshoot kbprb KB938449

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com